Chrony is the default Network Time Protocol (NTP) server in CentOS 8 operating system. It is a replacement for the old Ntpd used in the older version of the Linux operating system. It is used to synchronize the system clock with remote internet time servers. Setting up accurate time is very important for any application to work correctly.

It is made from two components chronyc and chronyd. chronyd is a daemon started at system boot time. chronyc is a command-line interface used to monitor chronyd performance.

In this tutorial, I will show you how to install and use Chrony on CentOS 8 server.

Prerequisites

  • Two servers running CentOS 8.
  • A root password is configured on the server.

Getting Started

Before installing Chrony, you will need to set up a correct timezone in your server. You can set up it with the following command:

timedatectl set-timezone Asia/Kolkata

Now, verify your current timezone with the following command:

timedatectl

You should get the following output:

               Local time: Sun 2021-05-02 20:00:44 IST
           Universal time: Sun 2021-05-02 14:30:44 UTC
                 RTC time: Sun 2021-05-02 14:30:43
                Time zone: Asia/Kolkata (IST,  0530)
System clock synchronized: yes
              NTP service: active
          RTC in local TZ: no

Install Chrony Server

By default, the Chrony package is included in the CentOS 8 default repository. You can install it with the following command:

dnf install chrony -y

Once the Chrony is installed, start the Chrony service and enable it to start at system reboot:

systemctl start chronyd

systemctl enable chronyd

You can also verify the status of the Chrony with the following command:

systemctl status chronyd

You should see the following output:

? chronyd.service - NTP client/server
   Loaded: loaded (/usr/lib/systemd/system/chronyd.service; enabled; vendor preset: enabled)
   Active: active (running) since Sun 2021-05-02 20:00:13 IST; 1min 7s ago
     Docs: man:chronyd(8)
           man:chrony.conf(5)
 Main PID: 616 (chronyd)
    Tasks: 1 (limit: 25014)
   Memory: 2.3M
   CGroup: /system.slice/chronyd.service
           ??616 /usr/sbin/chronyd

May 02 20:00:12 centos8 systemd[1]: Starting NTP client/server...
May 02 20:00:12 centos8 chronyd[616]: chronyd version 3.5 starting ( CMDMON  NTP  REFCLOCK  RTC  PRIVDROP  SCFILTER  SIGND  ASYNCDNS  SECHASH >
May 02 20:00:12 centos8 chronyd[616]: Frequency 18.331  /- 0.061 ppm read from /var/lib/chrony/drift
May 02 20:00:12 centos8 chronyd[616]: Using right/UTC timezone to obtain leap second data
May 02 20:00:13 centos8 systemd[1]: Started NTP client/server.
May 02 20:00:20 centos8 chronyd[616]: Selected source 129.250.35.250
May 02 20:00:20 centos8 chronyd[616]: System clock TAI offset set to 37 seconds
May 02 20:00:20 centos8 chronyd[616]: System clock wrong by 1.153394 seconds, adjustment started
May 02 20:00:21 centos8 chronyd[616]: System clock was stepped by 1.153394 seconds

Configure Chrony Server

Chrony’s main configuration file is located at /etc/chrony.conf. You will need to edit it and change the time servers closest to you.

nano /etc/chrony.conf

Comment out the default pool and add a list of NTP servers closest to your location.

#pool 2.centos.pool.ntp.org iburst
server 1.in.pool.ntp.org
server 2.in.pool.ntp.org
server 3.in.pool.ntp.org

Save and close the file when you are finished then set NTP synchronization with the following command:

timedatectl set-ntp true

Next, restart the Chrony service to apply the changes:

systemctl restart chronyd

You can also allow a specific IP range in your local network to allow access to your NTP server. You can allow it by adding the following line to /etc/chrony.conf file:

# Allow NTP client access from local network.
allow 192.168.0.0/24

You can now check whether your NTP server is working or not with the following command:

chronyc sources

If everything is fine, you should get the following output:

210 Number of sources = 4
MS Name/IP address         Stratum Poll Reach LastRx Last sample               
===============================================================================
^? ntp7.mum-in.hosts.301-mo>     2   6     1     8     31ms[   31ms]  /-  248ms
^? static.15.192.216.95.cli>     2   6     1     8   2616us[ 2616us]  /-   88ms
^? 157.245.102.2                 2   6     1     9  -4088us[-4088us]  /-  139ms
^? ec2-13-126-27-131.ap-sou>     2   6     1     9   6017us[ 6017us]  /-  181ms

Configure Firewall

Next, you will need to allow NTP service through the firewall. You can allow it with the following command:

firewall-cmd --permanent --add-service=ntp --permanent

Next, reload the firewall service to apply the changes:

firewall-cmd --reload

Configure Chrony Client

Next, you will need to install Chrony client on the client machine and configure it to use your Chrony server.

On the Client machine, set your correct timezone with the following command:

timedatectl set-timezone Asia/Kolkata

Next, install the Chrony package with the following command:

dnf install chrony -y

Once the installation is completed, edit your Chrony configuration file and point your NTP server.

nano /etc/chrony.conf

Commentout default pool and add the following line:

server chrony-server-ip

Save and close the file then set NTP synchronization with the following command:

timedatectl set-ntp true

Next, start the Chrony service and enable it to start at system reboot with the following command:

systemctl start chronyd

systemctl enable chronyd

Now, verify the time synchronization with the following command:

chronyc sources

You should get the following output:

210 Number of sources = 1
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^? chrony-server-ip              0   6     0   10y      0ns[    0ns]  /-    0ns

Conclusion

In the above guide, you learned how to set up a Chrony NTP server on CentOS 8. You also learned how to install the Chrony client and configure it to synchronize time with the Chrony server. Feel free to ask me if you have any questions.

<img alt="Hitesh Jethva" data-ezsrc="https://kirelos.com/wp-content/uploads/2021/05/echo/hitesh-80.jpg609e9c8fd534d.jpg" ezimgfmt="rs rscb3 src ng ngcb3" src="data:image/svg xml,”>

About Hitesh Jethva

Over 8 years of experience as a Linux system administrator. My skills include a depth knowledge of Redhat/Centos, Ubuntu Nginx and Apache, Mysql, Subversion, Linux, Ubuntu, web hosting, web server, Squid proxy, NFS, FTP, DNS, Samba, LDAP, OpenVPN, Haproxy, Amazon web services, WHMCS, OpenStack Cloud, Postfix Mail Server, Security etc.